- is intended for the website www.swisscolocation.ch (hereinafter "Website") and applies in all cases in which reference is made or there is a link to this statement;
- is an integral part of the Website and the services we offer;
- is made to those who interact with the web services of the Website.
The processing of your personal data will be based on principles of correctness, lawfulness, transparency, limitation of purpose and preservation, minimization and accuracy, integrity and confidentiality, as well as the principle of accountability. Your personal data will therefore be processed in accordance with the laws and confidentiality obligations in force.
We inform you that the personal data processed, depending on your decisions on how to use the services, may consist of any kind of text, images or any other information suitable for make a natural person identified or identifiable, depending on the type of services requested.
1. DATA CONTROLLER
The data controller is Swisscolocation SA, whose registered office is at Viale Serfontana 7, 6834 Morbio Inferiore, Switzerland.
2. TYPES OF PERSONAL DATA COLLECTED
We inform you that the personal data processed may consist of: identity and contact data, includes first name, last name, address, nationality, telephone number, e-mail address; other data not relating to your person are saved for the purpose of technical processes, e.g. IP addresses; any other information (like professional information about you) suitable for make data subjects identified or identifiable.
The personal data processed through the Website are:
a. Personal Data used for website usage analytics:
During their normal operation, the computer systems and software procedures used to operate the website acquire some personal data, the transmission of which is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified data subjects and the Data Controller will not attempt in any way to relate the data contained in the protocols of its servers with the people who visited the website. However, such data, through processing and merging with data held by third parties, by their very nature could make it possible to identify users. As an example, this category of data includes IP addresses or domain names of the computers used by users connecting to the Website, Uniform Resource Identifier (URI) sequences of the requested resources, the time of request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server and other parameters related to the user's operating system.
These data are used for the sole purpose of obtaining anonymous statistical information on the use of the website, in order to check its correct functioning, identify anomalies and/or abuses, as well as to better structure the Website itself. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the Website or third parties.
b. Personal Data provided voluntarily by you
c. Third party personal data provided voluntarily by you
Using particular services, we may process third party personal data, which you have provided to the Data Controller. In this case, you are the controller, in compliance with the legal obligations and responsibilities.
You will be liable for any dispute, claim for compensation or other request for damages, which should be received by the Data Controller from third parties, whose personal data have been processed in violation of GDPR.
In any case, if you provide us personal data of third parties, from now on you take full responsibility that this particular type of processing is based on the prior obtaining (on your part) third parties consent to the processing of his or her personal data.
The information on cookies are available at the following link.
3. PURPOSES OF THE PROCESSING
Your personal data will be processed for the following purposes:
3.1. fulfill legal, regulatory and Community obligations in accordance to the activities performed, as well as satisfy requests from authorities;
3.2. for the purposes of technical administration and research & development of the Website, in addition to the purposes strictly connected and / or necessary for the fulfillment of contracts entered into with the data subject;
3.3. providing information, products and services to you and ensuring their proper execution, to make an appointment for a guided tour, make a quote or reply to messages sent by you;
3.4. send the newsletter subscribed by you, without prejudice to the possibility of unsubscribing from the list of recipients, by selecting the appropriate link in each message;
3.5. for statistical purposes, in such a manner that the data subject is not or no longer identifiable.
The processing of your data may be carried out using manual, computerized and telematics tools, also through automated methods designed to store, manage and transmit them; it will take place through appropriate tools, as far as is reasonable and in the state of the art, to guarantee security and confidentiality through the use of suitable procedures that avoid the risk of loss, unauthorized access, illicit use and dissemination.
The data are stored in computerized, electronic and paper archives, with full assurance of the security measures provided by the legislator.
Specific security measures are observed to prevent data breaches, illicit or incorrect use and unauthorized access.
4. LEGAL BASIS FOR THE PROCESSING
The purpose set out in section 3.1 represents a legitimate processing of personal data as it is necessary to compliance with a legal obligation to which the Data Controller is subject. Once the personal data have been transferred, it is indeed necessary to comply with legal obligations to which the Data Controller is subject.
Legal basis for processing for the purposes set out in sections 3.2, 3.3 and 3.4 is to performance of a contract with you, that means processing your personal data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
Where the personal data we collect from you is needed to meet our legal or regulatory obligations or enter into an agreement with you, if we cannot collect this personal data there is a possibility we may be unable to on-board you as a client or provide information, products or services to you.
With particular reference to the processing of special categories of personal data (such as, for example, data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, union membership, as well as genetic data, biometric data, for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation), in the event that you communicate them to us, despite our contrary warning, the processing finds a legal basis in your explicit consent.
Finally, the processing referred to in section 3.5 is not performed on personal data; therefore, it can be freely carried out by the Data Controller.
5. COMMUNICATION TO THIRD PARTIES
Swisscolocation does not sell, transmits, disseminate or otherwise make available your personal data to third parties.
If required from time to time, we disclose personal data to public authorities, regulators or governmental bodies, including when required by law or regulation, under a code of practice or conduct, or when these authorities or bodies require us to do so.
Your personal data could be communicated mainly to third parties such as:
|Categories of recipients||Purposes|
|Companies belonging to Data Controller or parent and subsidiary companies||Fulfillment of administrative and accounting requirements as well as those connected with the contractual services|
|Third party providers||Performance of services (assistance, maintenance, delivery/shipping of products, performance of additional services, providers of networks and electronic communication services) associated with the requested service|
|External professionals/consultants and consulting firms||
Fulfillment of legal requirements, exercising rights, protecting contractual rights, credit recovery
|Credit and electronic payment institutions, post offices, insurance institutions||Managing deposits, payments, reimbursements associated with the contractual service|
|Financial Administration, Public Agencies, Legal Authorities, Supervisory and Oversight Authorities||Fulfillment of legal requirements, protection of rights; lists and registries held by Public Authorities or similar agencies based on specific regulations relating to the contractual service|
6. INTERNATIONAL TRANSFERS OF PERSONAL DATA
Your personal data are processed in the country where the Data Controller is located.
We inform you that Switzerland is a country in which personal data can be processed and transferred also in accordance with the GDPR, because the European Commission has recognized Switzerland as providing adequate protection for personal data. The European Commission has the power to determine, on the basis of article 45 of Regulation (EU) 2016/679 whether a country outside the EU offers an adequate level of data protection and thanks to the Decision of 26 July 2000, personal data can flow from the EU to Switzerland without any further safeguard being necessary. In others words, transfers to the country in question will be assimilated to intra-EU transmissions of data.
According to GDPR, this Decision “shall remain in force until amended, replaced or repealed by a Commission Decision”.
7. DATA RETENTION
We will only retain your personal data for as long as necessary to fulfil the purpose for which it was collected or to comply with legal or regulatory requirements, except if you ask us to stop processing your personal data.
Personal data processed for the purposes set out in section 3.1 will be kept until the time required by the specific obligation or applicable law.
For data provided to the Controller for the purposes set out in sections 3.2, 3.3 and 3.4, they will be stored as long as necessary to fulfil the purposes we collected it for, depending on the services requested.
We will only retain personal data for as long as necessary to comply with legal or regulatory requirements, to comply with obligations (e.g. tax and accounting purposes) which may continue even after termination of the contract.
8. YOUR RIGHTS
You have the right to:
1) Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it
2) Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
3) Request erasure of your personal data. This enables you to ask us to delete or remove personal data where we no longer need to it for the purposes for which it was collected. Note, however, that we may not always be able or required to comply with your request of erasure for specific legal reasons or because the processing is necessary for exercise or defence of legal claims.
4) Object to processing of your personal data where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms.
5) Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
6) Request the transfer of your personal data to you or to a third party where this is technically feasible. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where our processing of the information is necessary for the performance of a contract with you
7) Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.
8) When personal data are processed for direct marketing purposes, your right to object extends to direct marketing, including profiling to the extent it is related to such marketing.
9) Right not to be subject to a decision based solely on automated processing, including profiling;
10) The right to lodge a complaint with the competent supervisory authority and before the competent courts of the Member States
Where your requests are manifestly unfounded or excessive, we may either charge a reasonable fee or refuse to act on the request.
You can exercise the rights set out above using the e-mail in section 12 of this notice.
9. EXISTENCE OF AN AUTOMATED DECISION-MAKING PROCESS
There is no automated decision-making process for customer profiling.
10. REPRESENTATIVE OF DATA CONTROLLER
For the purposes of ensuring compliance with GDPR, the Data Controller appointed a member of our internal Legal Office as representative established in a Member States, pursuant to art. 27 GDPR, reachable at the e-mail address firstname.lastname@example.org
To exercise the above rights or for any other request you can send an e-mail to email@example.com